github.com/tektoncd/pipeline
Go
6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/tektoncd/pipeline
- CVE-2023-37264 | LOW | CVSS 3.7 | EG 3.7 | 2023-07-07
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Ta…
- CVE-2026-25542 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.11.1 | 2026-04-21
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource so…
- CVE-2026-40161 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 1.11.1 | 2026-04-21
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the Tekton Pipelines git resolver in API mode sends the syst…
- CVE-2026-40923 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 1.0.2 | 2026-04-21
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allo…
- CVE-2026-40924 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.9.3 | 2026-04-21
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the HTTP resolver's FetchHttpResource function calls io.Read…
- CVE-2026-40938 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.0.2 | 2026-04-21
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as …